views:

527

answers:

4

We have an application where an embedded device talks to weblogic via Apache. Weblogic and Apache are on the same Solaris server, and we are using the weblogic module for Apache.

The communication works over http

It does not work over https, although the problem does not appear to be directly related to https (the SSL session is negotiated fine and some back and forth happens). It appears the device handles the communication differently when https is used.

We'd like to see the http/https requests and responses to debug this.

We can capture the data between device and server using (e.g.) Wireshark, but that's encrypted so isn't a great help. Wireshark (or snoop) doesn't see the local traffic on the server between Apache and WebLogic. Note: on Linux we could do this - but not on Solaris.

We don't actually need the low level packet capture of Wireshark - capturing the headers and body of the http requests and responses would be sufficient.

Anyone know how to do this? Is there an Apache mod that will log all the requests and responses that pass through, perhaps (a Google search didn't show anything obvious)? Any other creative ways of doing this?

+1  A: 

This might be of some help. http://httpd.apache.org/docs/2.2/mod/mod%5Flog%5Fforensic.html

Aviator
Thanks. This may be worth a try, but I've a nasty feeling we're going to need the body too.
Paul
Your reply got me looking in the right direction. This looks like exactly what we want: http://httpd.apache.org/docs/2.2/mod/mod_dumpio.html
Paul
Wow. Glad I could be of some help!
Aviator
+1  A: 

I asked a similar question on ServerFault, and the best answer seemed to be to set up a TCP proxy on another machine, and force all communications to bounce through there.

So instead of:

Weblogic -> Apache

You would have:

Weblogic -> (across network) TCP Proxy -> (across network) -> Apache

Then you could do whatever tcpdump/wiresharking that you want. I used rinetd which worked well, but I know on Linux at least, the built-in inetd also has the ability to do proxying (and logging).

Update: If you can't do anything across the network, you could use the same concept and something like TcpProxy or something similar (possibly even your regular inetd) to do the proxying and logging. You could even use Netcat as a TCP Proxy. Someone else has also suggested using DTrace to snoop on loopback traffic, since that can hook right into the kernel.

Adam Batkin
Yes, that would work. Unfortunately, because of where the server is sitting (in a tightly controlled secured environment), bouncing things off another server is tricky.
Paul
Answer updated with a couple more ideas
Adam Batkin
A: 

You could use truss to capture the socket reads and writes performed by one of the processes.

Kenster
+1  A: 

My TCP capture program of choice is called balance.

 _           _
| |__   __ _| | __ _ _ __   ___ ___
| '_ \ / _` | |/ _` | '_ \ / __/ _ \
| |_) | (_| | | (_| | | | | (_|  __/
|_.__/ \__,_|_|\__,_|_| |_|\___\___|
  this is balance 3.42
  Copyright (c) 2000-2007,2008
  by Inlab Software GmbH, Gruenwald, Germany.
  All rights reserved.

It's designed as a TCP load balancer utility, but using the -p packet dump flag it works pretty well to log all traffic in and out. It displays ASCII as ASCII and encodes everything else as hex. It runs fine as non-root when using ports >1024.

brianegge
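The logging TCP proxy idea from the rinetd/netcat answer, and the "print ASCII as ASCII, everything else as hex" dump that the balance answer gets from `-p`, are both small enough to write from scratch. The following is an added example, not code from any of the answerers or from the balance or rinetd projects: a proxy that accepts connections on one port, relays them to a backend, and writes each chunk in each direction to a log, decoded as an HTTP start line, headers and body when the chunk begins with a complete HTTP head, and as an offset/hex/ASCII dump otherwise. The `demo()` function runs the whole thing on loopback against a stub backend; the request path `/device/report`, the host `example.invalid` and the body `uptime=42` are constructed sample data, not values from the question.

```python
"""Logging TCP proxy (added example). Listens on one port, relays every
connection to a backend and records each chunk in both directions."""
import socket
import threading
from typing import Callable, List, Optional, Tuple

Sink = Callable[[str], None]   # where log entries go (a list in demo(), a file in real use)


def hexdump(data: bytes, width: int = 16) -> str:
    """offset | hex bytes | printable ASCII (non-printable shown as '.')."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  {text}")
    return "\n".join(lines)


def parse_http_head(data: bytes) -> Optional[dict]:
    """Start line, headers and same-chunk body bytes when `data` begins with a
    complete HTTP request/status head; None for partial heads or non-HTTP
    bytes (a TLS record, for instance, never parses here)."""
    end = data.find(b"\r\n\r\n")
    if end < 0:
        return None
    lines = data[:end].split(b"\r\n")
    start = lines[0].decode("latin-1")
    if not (start.startswith("HTTP/") or " HTTP/" in start):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.decode("latin-1").partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"start_line": start, "headers": headers, "body": data[end + 4:]}


def format_chunk(direction: str, data: bytes) -> str:
    """One log entry for a chunk travelling in `direction`."""
    parsed = parse_http_head(data)
    if parsed is None:
        return f"[{direction}] {len(data)} raw bytes\n{hexdump(data)}"
    body = parsed["body"]
    if all(32 <= b < 127 or b in b"\r\n\t" for b in body):
        body_text = body.decode("ascii") or "(no body bytes in this chunk)"
    else:
        body_text = hexdump(body)
    headers = "\n".join(f"  {k}: {v}" for k, v in parsed["headers"].items())
    return (f"[{direction}] {parsed['start_line']}\n{headers}\n"
            f"--- body ({len(body)} bytes) ---\n{body_text}")


def _pump(src: socket.socket, dst: socket.socket, direction: str, sink: Sink) -> None:
    """Copy src -> dst until EOF, logging each chunk before forwarding it."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            sink(format_chunk(direction, data))
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # pass the EOF on to the other side
        except OSError:
            pass


def _handle(client: socket.socket, peer: Tuple[str, int], backend: Tuple[str, int], sink: Sink) -> None:
    upstream = socket.create_connection(backend)
    tag = f"{peer[0]}:{peer[1]}"
    pumps = [threading.Thread(target=_pump, args=(client, upstream, f"{tag} -> backend", sink)),
             threading.Thread(target=_pump, args=(upstream, client, f"backend -> {tag}", sink))]
    for p in pumps:
        p.start()
    for p in pumps:
        p.join()
    client.close()
    upstream.close()


def serve_proxy(listener: socket.socket, backend: Tuple[str, int], sink: Sink) -> None:
    """Accept on `listener` until it is closed; one handler thread per connection."""
    while True:
        try:
            client, peer = listener.accept()
        except OSError:
            return
        threading.Thread(target=_handle, args=(client, peer, backend, sink), daemon=True).start()


def demo() -> List[str]:
    """Constructed loopback run: stub backend answers one POST through the proxy."""
    captured: List[str] = []
    lock = threading.Lock()

    def sink(entry: str) -> None:
        with lock:
            captured.append(entry)

    backend = socket.socket()
    backend.bind(("127.0.0.1", 0))
    backend.listen(1)

    def backend_loop() -> None:   # minimal stand-in for the real HTTP server
        conn, _ = backend.accept()
        with conn:
            conn.recv(65536)
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                         b"Content-Length: 8\r\nConnection: close\r\n\r\nreceived")

    threading.Thread(target=backend_loop, daemon=True).start()
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    threading.Thread(target=serve_proxy, args=(listener, backend.getsockname(), sink), daemon=True).start()

    request = (b"POST /device/report HTTP/1.1\r\nHost: example.invalid\r\n"
               b"Content-Length: 9\r\n\r\nuptime=42")          # constructed sample request
    with socket.create_connection(listener.getsockname()) as client:
        client.sendall(request)
        while client.recv(65536):   # drain the reply until the proxy passes on EOF
            pass
    for s in (listener, backend):
        try:
            s.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass
        s.close()
    return captured


if __name__ == "__main__":
    for entry in demo():
        print(entry, end="\n\n")
```

For the situation in the question the proxy has to sit on the plaintext hop, between Apache and WebLogic: on the device-to-Apache side the HTTPS bytes arrive as TLS records, so `parse_http_head` returns None and the log shows only hex. In practice that means binding the listener on the port the Apache WebLogic module is configured to connect to and pointing `backend` at the port WebLogic actually listens on, then reconfiguring the module to use the proxy's port. Anything logged this way contains full request and response bodies, so the log file needs the same access controls as the application data itself.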